124
edits
Changes
→Hacksburg Network Layout
Ever wanted to learn about cloud computing, but were worried about monthly costs or confusing product options?
Wanted something new to learn that's stay-at-home compatible?
** 2 cores, 6GiB RAM, 64GiB hard drive space
** Private IP address on Hacksburg's network. Laptops, Raspberry Pis, etc. can all communicate directly with each other.
** Public IPv6, so anyone on the Internet can connect to your server (subject to our firewall rules).
** Gigabit Internet connection
** *.<name>.cloud.hacksburg.org DNS wildcard
* VPN
** Access your projects on Hacksburg's network from anywhere.
Hacksburg wants all members to explore computational projects using our resources. If there's something you think we can offer that isn't shown here, come to an open meeting or email board@hacksburg.org to discuss.
== Want access? ==
* To get a virtual machine, make sure you're an active Hacksburg member, then email board@hacksburg.org
** VPN access will only be given if you are a board member, have a VM, or have some other reason. Email board@hackburg.org to request VPN access.
== Hacksburg Physical Hardware ==
**** https://video.hacksburg.org
**** Hosts recordings of our classes
*** [https://snipeitapp.com/ Snipe-It]
**** https://assets.hacksburg.org
**** Asset Management System for keeping tracks of tools, equipment, maintenance of equipment, etc.
* OctoPrint
** Control interface for our 3D printer.
** How to access: https://printer.hacksburg.org
** Where it's located: 192.168.15.4
== VPN ==
VPN allows direct access to the Hacksburg network from anywhere else that has access to the public Internet. Email board@hacksburg.org to get your username and password.
=== Connection Instructions ===
==== Windows 10 ====
''These instructions may also work for Windows 8.1, 7, Vista, etc.''
1. Download the Hacksburg certificate: http://hacksburg.org/Hacksburg+CA.crt.
2. Right-click and choose "Install certificate".
3. Choose "Local Machine" (second option) and click Next.
4. Choose "Place all certificates in the following store" (second option).
5. In the window that comes up, choose "Trusted Root Certification Authorities" (second option). Click OK.
6. Click Next.
7. Click Finish.
8. It should say that importing the certificate was successful. Click OK.
9. Open an administrator PowerShell and run the following commands:
Add-VpnConnection -Name "Hacksburg" -ServerAddress "cloud.hacksburg.org" –TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling –AllUserConnection
Add-VpnConnectionRoute -ConnectionName "Hacksburg" -DestinationPrefix 192.168.15.0/24 -PassThru -AllUserConnection
Add-VpnConnectionRoute -ConnectionName "Hacksburg" -DestinationPrefix 192.168.17.0/24 -PassThru -AllUserConnection
Add-VpnConnectionRoute -ConnectionName "Hacksburg" -DestinationPrefix 192.168.18.0/24 -PassThru -AllUserConnection
You should now have a VPN named Hacksburg. Click the network icon in taskbar tray, click Hacksburg, and connect with the provided username and password.
==== Linux (and friends) ====
===== Setup =====
Install <code>strongswan</code>. If you use NetworkManager (Ubuntu), you can use these instructions [https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup#NetworkManager] and fill in the following values:
VPN Server IP: 216.252.204.76
VPN Username: Email board@hacksburg.org to request
VPN Password: Email board@hacksburg.org to request
If you do not use NetworkManager, add the following rows to your <code>ipsec.conf</code> file. On Arch Linux, this file is located at <code>/etc/ipsec.conf</code>:
conn Hacksburg
keyexchange=ikev2
dpdaction=clear
dpddelay=30s
eap_identity="<USERNAME>"
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=cloud.hacksburg.org
rightauth=pubkey
rightsubnet=0.0.0.0/0
rightid=%any
rightca=<CACERT>
type=tunnel
auto=add
Where <code><CACERT></code> is replaced by the path to this file: http://hacksburg.org/Hacksburg+CA.crt and <code><USERNAME></code> is replaced by the username issued to you by emailing board@hacksburg.org. Then, create the file <code>/etc/ipsec.secrets</code> and include the following line:
<USERNAME> : EAP "<PASSWORD>"
Where the username and password are issued to you by emailing board@hacksburg.org. Then, run
# ipsec auto --add Hacksburg
Then, make sure <code>/etc/xl2tpd/xl2tpd.conf</code> has the following contents:
lac Hacksburg]
lns = 216.252.204.76
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
And <code>/etc/ppp/options.l2tpd.client</code> has the following contents:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name <USERNAME>
password <PASSWORD>
Again using the username and password you received from the board.
===== Start VPN =====
You can start the VPN by running:
# systemctl start strongswan
# swanctl -i -c Hacksburg
== Software Tools ==
You can remote in to Hacksblade to use SprutCAM and Lightburn:
1. Install NoMachine (https://www.nomachine.com/). When proceeding through the instructions, do not install the server. If you already have NoMachine, no need to install it again.
1. Connect to VPN.
2. Open NoMachine.
3. In the search box, connect to "192.168.15.194".
4. Use your username and password. You will be prevented from logging in if someone else is using the computer.
5. '''Important''': Make sure to unselect "Change the server resolution to match the client when I connect". If you choose this, you can mess up the remote desktop for other users.
6. You are now presented with the Windows login. Login with the Hacksburg account, '''not your own.'''
7. Do your work.
8. Log out of the Hacksburg account using the start menu.
9. Close the NoMachine connection by clicking on the top right corner, choosing the power button, and clicking "Exit the Player".
== Notes ==
https://pve.proxmox.com/wiki/ZFS:_Switch_Legacy-Boot_to_Proxmox_Boot_Tool#Switching_to_proxmox-boot-tool
https://sleeplessbeastie.eu/2017/03/06/how-to-use-hp-command-line-array-configuration-utility/
http://www.datadisk.co.uk/html_docs/redhat/hpacucli.htm
=== HP Server, Drive Replacement ===
# Remote into the server: <code>ssh root@192.168.15.2</code>
# Confirm with ZFS that a drive has failed: <code>zpool status rpool</code>. One of the drives should be marked failed/offline/removed, something like that.
# Confirm on the front of the server that a drive has failed: look for the red light. Note the number of the drive that has failed.
# Open up the RAID controller utility: <code>hpacucli</code>.
# You are now in the command line for the RAID controller utility. Type <code>ctrl slot=0 show config</code>. This will take a while, and should confirm that one of your logicaldrives has failed. The logicaldrive number should match the numbered bay on the front of the server.
# Physically swap the drive: push the red button on the '''correct''' drive, pull it out, and push in the new drive until it clicks. '''WARNING: pulling the wrong drive at this moment will result in zfs redundancy failure and data loss.''' If you're really scared, shut down the computer first, and don't start it back up until you know you've swapped the correct drive.
# Now run <code>ctrl slot=0 ld <NUMBER> modify reenable forced</code>, where <code><NUMBER></code> is the bay number of the (previously) failed drive. This tells the RAID controller that everything's fine and it should just carry on with the new disk.
# Type <code>exit</code> to get out of the array configuration utility.
# Run <code>zpool status rpool</code> again, and now one of the drives should definitely be marked as <code>REMOVED</code>. Note the (very long) name of that drive in the left column.
# Replace the disk in ZFS: <code>zpool replace rpool <NAME> /dev/disk/by-id/<NAME-2></code>, where <code><NAME-2></code> is the same name as the drive, without any <code>-part3</code> suffix. For example, if <code><NAME></code> is <code>scsi-300320938420934-part3</code>, <code><NAME-2></code> should be <code>scsi-300320938420934</code>. I think this would be <code>-part9</code> if a previously replaced disk failed. The exact number is not important.
# ZFS is now rebuilding (resilvering) the failed disk. The server may be slow for the next several hours. You can run <code>zpool status</code> to check on the progress. It's remaining time estimation is wildly too low, don't rely on it.